NIS2 Gap Analysis in Minutes, not Weeks

ISO 27001:2022 is an international standard that defines requirements for an Information Security Management System (ISMS). It was jointly published in its original version by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). This questionnaire was designed at an advanced level, suitable for organizations in their mature ISO 27001:2022 implementation level.

GDPR (General Data Protection Regulation), is a comprehensive data protection law introduced by the European Union (EU) in May 2018. It is designed to give individuals more control over their personal data and requires organizations to implement measures to protect the privacy of their customers and users.

SOC 2 (Service Organization Control Type 2) is a cybersecurity compliance framework that evaluates and reports on the controls of service organizations that manage customer data. It was developed by the American Institute of Certified Public Accountants (AICPA) and was first published in 2010.

The EU AI Act is a regulation by the European Union aimed at creating a legal framework for the development, deployment, and use of artificial intelligence (AI) within its member states. The Act classifies AI applications into different risk categories and establishes specific requirements and obligations for high-risk AI systems. It also includes provisions for prohibited AI practices, transparency obligations, governance structures, and penalties for non-compliance.

The Digital Operational Resilience Act (DORA) is a European Union regulation that entered into force on January 16, 2023 and will apply as of January 17, 2025. Its primary objective is to strengthen the IT security of financial entities, including banks, insurance companies, and investment firms. By doing so, DORA aims to ensure that the European sector remains resilient in the face of severe operational disruptions.

The NIS2 Directive (Network and Information Security Directive) is a continuation and expansion of the previous EU cybersecurity directive, NIS. It was proposed by the European Commission to build upon and rectify the deficiencies of the original NIS directive.

NIS2 aims to enhance the security of network and information systems within the EU by requiring operators of critical infrastructure and essential services to implement appropriate security measures and report any incidents to the relevant authorities.

ISO 42001 is an international standard that specifies requirements for establishing, implementing, maintaining, and continually improving an Artificial Intelligence Management System (AIMS) within organizations. It is designed for entities providing or utilizing AI-based products or services, ensuring responsible development and use of AI systems.

ISO 42001 was published in December 2023 by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC)2.

The SEC's Cybersecurity Disclosure Rule requires publicly traded companies to disclose material information about their cybersecurity risks and incidents to investors and other stakeholders. It was created in 2011 by the SEC's Division of Corporation Finance in response to the growing concern over cyber threats and the potential impact they can have on public companies.

MVSP (Minimum Viable Secure Product) is a minimum-security baseline for enterprise-ready products and services that was developed with industry partners (Google, Salesforce, Okta, Slack) and published in 2021.

Not finding what you need? Reach out to explore more frameworks we support and learn how AI can streamline your GRC — click here or email info@vendict.com for more details.